Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Connections to port 635 ??

From: moeller () CERT DFN DE (Klaus Moeller)
Date: Fri, 23 Jun 2000 13:33:29 +0200

-----BEGIN PGP SIGNED MESSAGE-----

Gunther Stammwitz writes:


someone tried very often to connect to port 635. As far as I know
there are no services on that port, is it an attack ?


It depends. Port 635/udp is used by the Linux mountd, for which
several exploits are known. See

=> http://www.cert.org/advisories/CERT: CA-98.12.mountd.html

The IANA lists port 635 as

rlzdbase        635/tcp    RLZ DBase
rlzdbase        635/udp    RLZ DBase
                                Michael Ginn <ginn () tyxar com>

whatever that is.

        Klaus

- --
Klaus Moeller            |                    mailto:moeller () cert dfn de
DFN-CERT GmbH            |
Vogt-Koelln-Str. 30      |                      Phone: +49(40)42883-2262
D-22527 Hamburg          |                        FAX: +49(40)42883-2241
Germany                  |       PGP-Key: finger moeller () ftp cert dfn de

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface

iQEUAwUBOVNLBorEggYLt8j5AQGbNQf2POSPRe0DXcin6cDccf7QT5lJXSKiKvOd
OVfyXtDGvHeY6d14WU8/tyjudeWSETWSlXYf9xCJ6uJi7uD0tLNYJ4KzoNz7UEEI
ShCsBkdQRvlgcJWira1ETdHPn5DSIuIio3KnuHzor+CLKjUFu1xS+PRLRS3XUqL9
oohB1yrHwBWP3EH1OkXJnA0/Dv1ybOVAFVZ5m+VBlKlLcZQxky96HduDKv7U+tpi
x5mXyToXgeTfqTOSCrSwD6mTQp0LEP+ZdtMhTJX2IT/W4PiymKctcCVqY4DwQovr
D1jmQTUt5cxAjz+PnlKe1TG/mK0aHyohwOcyssdzqzd9ZY7PBxdj
=WvfS
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: